Analytics sampling rate is intentionally configured

ab-001716 · marketing-analytics.data-quality.sampling-rate-configured

Severity: infoactive

Why it matters

Session recording tools (PostHog, Hotjar, Microsoft Clarity) with no explicit sampling rate default to recording every session. On a medium-to-large project this creates unexpected data volume, processing costs, and storage costs that compound as traffic grows. From an iso-25010:2011 Performance efficiency perspective, unsampled session recording on high-traffic pages can also introduce measurable page weight from the recording SDK. This is an informational signal — default settings are not a crisis, but an intentional sampling configuration is a sign the project has thought through its analytics operational costs.

Severity rationale

Info because unsampled session recording creates cost and data-volume risk at scale but does not cause immediate user-facing or security harm on most projects.

Remediation

Set an explicit sample_rate in your session recording tool's initialization. For PostHog:

// posthog.init call — typically in app/layout.tsx or lib/analytics.ts
posthog.init(process.env.NEXT_PUBLIC_POSTHOG_KEY!, {
  api_host: process.env.NEXT_PUBLIC_POSTHOG_HOST,
  session_recording: {
    sample_rate: 0.1,  // Record 10% of sessions; adjust for traffic volume
  },
})

For Hotjar, set the recording sample rate in the Hotjar dashboard under Settings → Recording. Review your analytics tool's pricing tier before going to production on a high-traffic site — most platforms charge by recorded session volume.

Detection

ID: sampling-rate-configured
Severity: info
What to look for: For high-traffic sites, analytics sampling can distort data. Check whether sampling is explicitly configured (or explicitly left at default). Look for:
- sampleRate or sample_rate config in analytics initialization
- Session replay sampling (PostHog session_recording with sample_rate < 1)
- GTM or GA4 sampling configuration
- Heatmap tool sampling config (Hotjar, Microsoft Clarity)
Pass criteria: Count every session recording or sampling-sensitive tool. Either the project has fewer than 20 routes (small — unlikely to hit sampling limits), sampling is explicitly configured at 100% or less (or appropriate rate), or 0 sampling-sensitive tools are used.
Fail criteria: At least 1 session recording tool (PostHog recordings, Hotjar, Clarity) is detected with no explicit sampling rate configuration, on a project that appears to be medium (20 or more routes) or large in size.
Skip (N/A) when: No session recording or sampling-sensitive analytics tools present. Skip for small projects (fewer than 20 routes).
Detail on fail: "PostHog session recording enabled with no explicit sample_rate configuration. For a large project, 100% session recording may create unexpected data volume and costs."
Remediation: For session recording tools, set an explicit sample rate:
```
posthog.init(key, {
  session_recording: {
    sample_rate: 0.1,  // Record 10% of sessions
  }
})
```
This is informational — default settings are fine for most projects. Review your analytics tool's pricing and default sampling behavior before going to production on a high-traffic site.

External references

iso-25010:2011 · performance-efficiency — Resource utilisation sub-characteristic

Taxons

observability cost-efficiency

History

2026-04-18·v1.0.0·Initial import from marketing-analytics·automated

Why it matters

Remediation

Set an explicit sample_rate in your session recording tool's initialization. For PostHog:

// posthog.init call — typically in app/layout.tsx or lib/analytics.ts
posthog.init(process.env.NEXT_PUBLIC_POSTHOG_KEY!, {
  api_host: process.env.NEXT_PUBLIC_POSTHOG_HOST,
  session_recording: {
    sample_rate: 0.1,  // Record 10% of sessions; adjust for traffic volume
  },
})

Detection

ID: sampling-rate-configured
Severity: info
What to look for: For high-traffic sites, analytics sampling can distort data. Check whether sampling is explicitly configured (or explicitly left at default). Look for:
- sampleRate or sample_rate config in analytics initialization
- Session replay sampling (PostHog session_recording with sample_rate < 1)
- GTM or GA4 sampling configuration
- Heatmap tool sampling config (Hotjar, Microsoft Clarity)
Pass criteria: Count every session recording or sampling-sensitive tool. Either the project has fewer than 20 routes (small — unlikely to hit sampling limits), sampling is explicitly configured at 100% or less (or appropriate rate), or 0 sampling-sensitive tools are used.
Fail criteria: At least 1 session recording tool (PostHog recordings, Hotjar, Clarity) is detected with no explicit sampling rate configuration, on a project that appears to be medium (20 or more routes) or large in size.
Skip (N/A) when: No session recording or sampling-sensitive analytics tools present. Skip for small projects (fewer than 20 routes).
Detail on fail: "PostHog session recording enabled with no explicit sample_rate configuration. For a large project, 100% session recording may create unexpected data volume and costs."
Remediation: For session recording tools, set an explicit sample rate:
```
posthog.init(key, {
  session_recording: {
    sample_rate: 0.1,  // Record 10% of sessions
  }
})
```
This is informational — default settings are fine for most projects. Review your analytics tool's pricing and default sampling behavior before going to production on a high-traffic site.